Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tor-Enabled Smartphone Is Antidote To Google 'Hostility' Over Android, Says Developer (arstechnica.com)

Posted by BeauHD on from the user-choice-and-freedom dept.

An anonymous reader quotes a report from Ars Technica: The Tor Project recently announced the release of its prototype for a Tor-enabled smartphone -- an Android phone beefed up with privacy and security in mind, and intended as equal parts opsec kung fu and a gauntlet to Google. The new phone, designed by Tor developer Mike Perry, is based on Copperhead OS, the hardened Android distribution profiled first by Ars earlier this year. "The prototype is meant to show a possible direction for Tor on mobile," Perry wrote in a blog post. "We are trying to demonstrate that it is possible to build a phone that respects user choice and freedom, vastly reduces vulnerability surface, and sets a direction for the ecosystem with respect to how to meet the needs of high-security users." To protect user privacy, the prototype runs OrWall, the Android firewall that routes traffic over Tor, and blocks all other traffic. Users can punch a hole through the firewall for voice traffic, for instance, to enable Signal. The prototype only works on Google Nexus and Pixel hardware, as these are the only Android device lines, Perry wrote, that "support Verified Boot with user-controlled keys." While strong Linux geekcraft is required to install and maintain the prototype, Perry stressed that the phone is also aimed at provoking discussion about what he described as "Google's increasing hostility towards Android as a fully Open Source platform." Copperhead OS was the obvious choice for the prototype's base system, Perry told Ars. "Copperhead is also the only Android ROM that supports verified boot, which prevents exploits from modifying the boot, system, recovery, and vendor device partitions," said Perry in his blog post. "Copperhead has also extended this protection by preventing system applications from being overridden by Google Play Store apps, or from writing bytecode to writable partitions (where it could be modified and infected)." He added: "This makes Copperhead an excellent choice for our base system." The prototype, nicknamed "Mission Improbable," is now ready to download and install. Perry said he uses the prototype himself for his personal communications: "E-mail, Signal, XMPP+OTR, Mumble, offline maps and directions in OSMAnd, taking pictures, and reading news and books." He suggests leaving the prototype in airplane mode and connecting to the Internet through a second, less-trusted phone, or a cheap Wi-Fi cell router.

39 comments

  1. As much exectation of privacy as you can afford by rectalfeeding · · Score: 4, Interesting

    The prototype only works on Google Nexus and Pixel hardware, as these are the only Android device lines, Perry wrote, that "support Verified Boot with user-controlled keys."

    As long as it remains "as much privacy and security as you can afford", while the masses opt for sub $50 phones that treat them like cattle... What we need is herd level expectations of privacy. FOSS top to bottom, lowest barriers to forking competing alternatives. I only trust upstreams that don't behave as though not trusting them is a bad thing.

    1. Re:As much exectation of privacy as you can afford by AHuxley · · Score: 1

      Is the Verified Boot with user-controlled keys still in user app land? The security services would not allow a phone to be network connected that they cannot listen, log, track even if another OS level OS is installed.

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:As much exectation of privacy as you can afford by infolation · · Score: 2

      As.... much... expectation of... privacy as your.... zootopia... sloth friends... can... tolerate... on....
      ....
      ...
      tor

      ha.... ha.... ... ... ha....

    3. Re:As much exectation of privacy as you can afford by K.+S.+Kyosuke · · Score: 1

      You can track on the cellular network level, but simply having a separate modem module defeats it.

      --
      Ezekiel 23:20
    4. Re:As much exectation of privacy as you can afford by AHuxley · · Score: 1

      So voice, gps, power on, live mic, call logs are all hardware designed in.
      The more commercial advance spyware, adware apps would get detected as they altered the OS, expecting a different OS.

      --
      Domestic spying is now "Benign Information Gathering"
  2. Contradiction by Anonymous Coward · · Score: 0

    This prototype only works on Google Nexus and Pixel devices because they're the only ones that provide the user with verified boot with user-provided keys... because Google is hostile to Android as a fully open source platform?

    Seems like if Google were hostile to openness, it wouldn't go out of its way to make sure that the devices it sells can be fully owned by the user.

    1. Re:Contradiction by Anonymous Coward · · Score: 1

      Seems like if Google were hostile to openness, it wouldn't go out of its way to make sure that the devices it sells can be fully owned by the user.

      Because you have to come crawling to them to actually do anything with the device. They will never release the drivers nor their device kernels as open source. You need their binary blobs - which do god knows what. Not to mention they are increasingly converting what used to be open source components of Android into bloated proprietary binary blobs and abandoning the open source ones. There is absolutely nothing open about Google. Google relishes every single opportunity to fence the web and install ads between you and the content (which they don't create).

      Like seriously, have you been living under a rock?

  3. But... Tor by Anonymous Coward · · Score: 0

    Copperhead OS sounds great, but I wouldn't want to pollute it with Tor. I would rather use my ISP's network, where the spying is known. On Tor, you have no idea who is spying on you and modifying your data.

    1. Re:But... Tor by AHuxley · · Score: 1

      Given the US per case costs of tracking onion routing for open court case work... all ip's are court ready now.

      --
      Domestic spying is now "Benign Information Gathering"
  4. Terrorist friendly? by Anonymous Coward · · Score: 1

    Would this phone enable secure intercell communications? Is it detonator ready? How traceable are the components?

  5. Onions by PsyMan · · Score: 1

    lets be honest, this seems like alt-great stuff, NN, wish I had pixels and nexii when boiling onions.

  6. Go Calexit!! by Anonymous Coward · · Score: 0

    Many political diseases spread from California when its residents move to other states after having screwed up their own state. Like gangrene, it's time to cut the rot.

  7. not nearly good enough. by Gravis+Zero · · Score: 5, Insightful

    If you don't want to Google meddling in your affairs, do not use any of their services. However, the real security issue here is the baseband processor. To my knowledge, they are all closed source though there is an implementation of a open source one. That said, if you want to avoid being spied on, you shouldn't carry around the most sophisticated piece of surveillance equipment that man has ever created.

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:not nearly good enough. by rectalfeeding · · Score: 1

      That said, if you want to avoid being spied on, you shouldn't carry around the most sophisticated piece of surveillance equipment that man has ever created.

      Or if you do because you don't want to forgo the tactical advantages, you may at least want to have the battery, microphones, cameras, and antennae temporarily physically disconnected, all inside a faraday baggie carrying pouch.

    2. Re:not nearly good enough. by Anonymous Coward · · Score: 0

      This, plus that pesky hypervisor...

    3. Re:not nearly good enough. by ChunderDownunder · · Score: 1

      The summary suggests carrying a secondary burner phone to connect to the mobile network via wifi tethering.

      But can't the benevolent folks at the 5-Eyes then still track a suspect by the location of the wifi hotspot?

    4. Re:not nearly good enough. by nnull · · Score: 1

      That's what makes me sad with cellphones.

    5. Re:not nearly good enough. by psyclone · · Score: 1

      Of course. This won't prohibit location tracking.

      This sounds like fancy layers of firewalls for appy app apps: route traffic through TOR, prohibit certain types of malware, trust some versions of binary apps to not change.

    6. Re:not nearly good enough. by Anonymous Coward · · Score: 0

      Exactly, keep your phones out of the bathroom, folks.

    7. Re:not nearly good enough. by rtb61 · · Score: 2

      You only need one phone, you just need to treat it properly. It is not a security device, it is not a privacy device, it is a digital megaphone which screams out your communications across the entire internet. So use with care, limit what goes on there, assume your worst enemy is listening in (for many that is factually true) but they does not mean to abandon the fight for privacy and security. What they stole we can take back and Google has most definitely proved itself to be a corporation never to be trusted, the big shit at alphabet trying to shake and bake elections to suit his own ego and greed, what an ass hat.

      So the big struggle ahead will be how to break google's control of android because they can not be trusted and by not trusted I mean they can be not trusted to participate in democracy and that is about as evil as it gets. Deep level individual manipulation of search, marketing, news is really sick and dangerous stuff and they are already there and so are their soul buddies M$, pretty much getting just as bad as each other.

      --
      Chaos - everything, everywhere, everywhen
    8. Re:not nearly good enough. by Anonymous Coward · · Score: 0

      Exactly, keep your phones out of the bathroom, folks.

      Along the lines of 'as much privacy and security as you can afford', what really pisses me off is how rich people can afford houses so big they can comfortably get some real physical distance between themselves and their consentual spying devices during their ordinary home life. Must be nice.

    9. Re:not nearly good enough. by Burz · · Score: 1

      Wifi equipment has started down a road of anonymization. Linux users have been tinkering with macchanger for a while (though not effectively enough to stop the native MAC address from popping up now and then). Apple made the first big splash when they made MAC randomization standard for scanning mode; Android copied that. Microsoft followed suit with a MAC randomization in more modes. Then the Linux folks finally did it right by building MAC randomization features into Network Manager. The idea, of course, is to keep the original MAC address suppressed.

      Stay tuned for more.

    10. Re:not nearly good enough. by Anonymous Coward · · Score: 0

      Only if they know it belongs to you. The point of burner phones is that they can't easily be tied to you (normally PAYG and bought with cash) and you don't keep them for very long.

  8. Awesome! by Anonymous Coward · · Score: 0

    Pay for 4G data speeds, get 2G data performance (at best).

  9. Tor stinks of Honeypot by Anonymous Coward · · Score: 3, Interesting

    Tor is very very borked.

    NSA and GCHQ planned to create enough entry and exit nodes to shape the traffic. This was done.
    They planned to put in attack nodes to exploit bugs in Firefox. This was done.
    They planned to put in attack nodes and exploit bugs in servers. This was done.
    They presumably planned to put friendlies into Tor foundation, and given their behavior that was done too.

    If you consider the 'obsfucation nodes', to hide use of Tor, you can request an undocumented entry node via GMail. Gmail the system with the NSA PRISM interface, and connected to physical android phones, and Google Play credit card details, a microphone, camera and comms, all under remote control.
    So as soon as you request an obsfucation node, you would be flagged as interesting for surveillance and that could include listening in on your devices, given the facilities of smartphones these days. Tor made this choice to deliver obsfucation nodes, *AFTER* the PRISM interface had been revealed by Snowden. Why exactly would they make such a choice if they weren't borked.

    But of course NSA would never do that, they'd never for example, spy on your emails of politicians to keep a man who got fewer votes in power. He'd never work with hackers to undermine a democracy because he's an honest businessman hiding nothing. NOT. The new Trump reality means if its a USA system its a hostile-to-freedom system. Any warm feelings you have for NSA, put them aside, their management will get stuffed full of traitors more faithful to Trump than to America, and certainly not your friends.

    Avoid Tor. It's a trap.

    1. Re: Tor stinks of Honeypot by Anonymous Coward · · Score: 0

      Excuse me you brain dead pig fucker, but Obama is president. Don't try to dump responsibility for the things you mentioned on someone who tales office next year.

    2. Re: Tor stinks of Honeypot by Anonymous Coward · · Score: 0

      Did you just call this man a "pig fucker?"

    3. Re:Tor stinks of Honeypot by rectalfeeding · · Score: 1

      The new Trump reality means if its a USA system its a hostile-to-freedom system.

      Please give examples of any less 'hostile-to-freedom' systems that exist? I.e. is there some other country whose systems you feel are thus 'less hostile to freedom'? Please name them, and explain in more detail.

      And while Trump may raise some anxieties, perhaps altogether appropriately on these issues, Snowden's revelations about the USA tech systems under Obama does not suggest that Trump is necessarily a true game changer in this regard.

      But certainly, a system least hostile to freedom would look like a system generated from a 3D printer sitting in your own home. With full inspectable and modifiable designs/layouts/code under FOSS style licences.

    4. Re: Tor stinks of Honeypot by Anonymous Coward · · Score: 0

      Excuse me you brain dead pig fucker, but Obama is president. Don't try to dump responsibility for the things you mentioned on someone who tales office next year.

      If Trump 'tails' office is that going to require tic-tact and his "No means yes" star super power, AKA his pussygrabbing ability?

    5. Re:Tor stinks of Honeypot by Anonymous Coward · · Score: 0

      "Please give examples of any less 'hostile-to-freedom' systems that exist? "

      If Tor is a honeypot, then normal communications is better because you'd be more in the crowd, and less self selected for surveillance by using Tor.

      If you further use the obsfuction nodes, you are guaranteeing a flag against an identifiable ID, (the Google account), with a system with a known back door (PRISM), under a man elected against the majority votes of Americans (Trump).

      "Trump may raise some anxieties", it is the combination of : mass surveillance (revealed by Snowden), lack of oversight outside the executive branch, a leader that takes power against the majority of votes, with personality lacking honesty and adult temperament, who is a fan of a foreign power, and who received hacking help from that foreign power to take power against the wishes of the democracy.

      "Trump is necessarily a true game changer in this regard", but Putin is, and Trump gives Putin access to that.

    6. Re: Tor stinks of Honeypot by wiretrip · · Score: 1

      Our last Prime Minister actually did that.

  10. To do it properly, let's dump Android by hughbar · · Score: 3, Interesting

    As far as I'm concerned Android is a sticky layer of ugliness, spyiness, syrupiness and general insecurity attached with sticky tape onto the top of a Linux kernel. Most of this shit is written in Java, the COBOL of the 1990s with it's murky license and endless lines of code, to do one little thing.

    Secondly as I've said here: https://slashdot.org/comments.... I hate apps, now a more influential commentator has followed this line of thought, this week: https://medium.com/javascript-... They break the philosophy and freedom of the web, as if Facebook etc. hadn't done that already (as a friend said, I used to surf but now I visit 'sites').

    All in all, my old friend William of Ockham: https://en.wikipedia.org/wiki/... is spinning in his grave right now and dreaming of a non-Android, non 'apps', non-commercially tied future. Like John Lennon, I'm probably dreaming, but just 'imagine'...

    --
    On y va, qui mal y pense!
    1. Re:To do it properly, let's dump Android by Anonymous Coward · · Score: 0

      You'll notice that inferior solutions always win, the only solution is global thermonuclear war.

    2. Re:To do it properly, let's dump Android by Anonymous Coward · · Score: 0

      " I hate apps [] They break the philosophy and freedom of the web"

      Pure Bullshit. Just because person C and person D use an app to communicate using the internet doesn't interfere in the slightest way with the freedom of person A and person B and every other internet user to communicate with as vanilla a port 80 and 443 HTTP based software program of their choosing.

      For fuck's sake people don't fall for this bullshit. What kind of conformist wet dream is your outlaw-apps worldview?

    3. Re:To do it properly, let's dump Android by Anonymous Coward · · Score: 0

      I hate apps, now a more influential commentator has followed this line of thought, this week: https://medium.com/javascript-... They break the philosophy and freedom of the web,

      This, my friend. Help spread the word. Lets go back to the real WWW.

    4. Re:To do it properly, let's dump Android by hughbar · · Score: 1

      I said I hate them, but you are quite welcome to them my friendly Anonymous Coward. Be well and prosper, as they say!

      --
      On y va, qui mal y pense!
  11. Re: As much exectation of privacy as you can affor by Anonymous Coward · · Score: 0

    The endpoint is still an Android phone with Google services running. I do not understand how TOR will help with an already compromised endpoint.

  12. Tor stinks of honeypot stinks of FUD by epine · · Score: 1

    Avoid Tor. It's a trap.

    And you would be:

    A) on the side of the freedom loving tin hats;
    B) the algorithmic claptrap of yet another NSA disinformation FUD campaign?

    What I can say for certain.

    Your post hails from the Chicago "the gun, the gun, the gun" school of analysis.

    s/gun/NSA/g

    Interesting. Somewhere in the bath water, reducing the scope of your security leak to (probably) the most advanced and (certainly) the best-funded surveillance agency on the planet went right out the window.

    Here's the thing about the NSA. They've (literally) got billions of fish to fry.

    Unless you're a very big fish indeed (or part and parcel of the sleeper cell with the mostest, of same) fixating on putative capabilities of the NSA (dispelling clarity on this matter is NSA's job #1) is narcissism porn of the boner apocalypse.

    1. Re:Tor stinks of honeypot stinks of FUD by Anonymous Coward · · Score: 0

      narcissism porn of the boner apocalypse.

      In the world of President Donald Trump of Two Thousand and Seventeen Jesus Years, Who can argue with your Boner Apocalypse logic. Why, I'm sure all you have to do to find narcissists is walk into your bathroom in the morning.

      I'm sure the NSA has no LOVINT on you @epine...